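As is well known, humans are lazy creatures.
All the more so when it comes to choosing a strong password.
I think every administrator has at some point faced the problem of users choosing weak, standard passwords. This is common in the upper echelons of company management. Yes, precisely among the people who have access to confidential or commercial information, where cleaning up after a password leak or compromise and the incidents that follow is highly undesirable.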
In my practice there was a case where, in an Active Directory domain with a password policy enabled, the accountants independently arrived at the idea that a password like "Pas$w0rd1234" fits the policy requirements perfectly. As a result, that password came to be used everywhere. Sometimes only the set of digits differed.
I wanted not only to enable the password policy and define the character set, but also to filter against a dictionary, to rule out the use of such passwords.
Microsoft kindly tells us, with a link, that anyone who can hold a compiler and an IDE properly and knows how to pronounce C++ correctly can compile the library they need and use it as they see fit. Your humble servant is not capable of that, so I had to look for a ready-made solution.
After a long search, two options for solving the problem emerged. I am talking about open-source solutions, of course; after all, paid options abound.
Option No. 1.
No commits for about 2 years. The native installer works only some of the time, so things have to be fixed by hand. It creates its own separate service. When the password file is updated, the DLL does not pick up the changed contents automatically: you have to stop the service, wait for the timeout, edit the file, and start the service again.
Not great!
Option No. 2.
The project is active and alive, and there is no need to kick a cold corpse.
Installing the filter comes down to copying two files and creating a few registry entries. The password file is not locked, so it can be edited at any time, and by the project author's design it is simply re-read once a minute. Additional registry entries also allow finer configuration of both the filter itself and some nuances of the password policy.
So.
Given: an Active Directory domain test.local
a Windows 8.1 test workstation (not important for the purposes of the task)
the PassFiltEx password filter
- Download the latest release from the link: PassFiltEx
- Copy PassFiltEx.dll to C:\Windows\System32 (or %SystemRoot%\System32).
- Copy PassFiltExBlacklist.txt to C:\Windows\System32 (or %SystemRoot%\System32). If necessary, supplement it with your own patterns.
- Edit the registry branch HKLM\SYSTEM\CurrentControlSet\Control\Lsa => Notification Packages: add PassFiltEx to the end of the list (there is no need to specify the extension). The full list of packages used for checking will then look like "rassfm scecli PassFiltEx".
- Reboot the domain controller.
- Repeat the steps above on all domain controllers.
You can also add the following registry entries, which make the filter more flexible to use:
Key: HKLM\SOFTWARE\PassFiltEx (created automatically).
- HKLM\SOFTWARE\PassFiltEx\BlacklistFileName, REG_SZ, default: PassFiltExBlacklist.txt
BlacklistFileName: lets you specify a custom path to the file containing the password patterns. If this registry entry is empty or does not exist, the default path %SystemRoot%\System32 is used. You can even specify a network path, BUT keep in mind that the pattern file must have explicit permissions set for read, write, delete, and modify.
- HKLM\SOFTWARE\PassFiltEx\TokenPercentageOfPassword, REG_DWORD, default: 60
TokenPercentageOfPassword: lets you specify the percentage of the new password that a pattern may make up. The default is 60%. For example, if the percentage is 60 and the string starwars is in the pattern file, the password Starwars1! will be rejected, while the password starwars1!DarthVader88 will be accepted, because the string makes up less than 60% of the password.
- HKLM\SOFTWARE\PassFiltEx\RequireCharClasses, REG_DWORD, default: 0
RequireCharClasses: lets you extend the password requirements beyond the standard Active Directory complexity requirements. The built-in complexity requirement demands 3 of the 5 possible character types: uppercase, lowercase, digit, special character, and Unicode. With this registry entry you can set your own complexity requirements. The value is a set of bits, each of which is the corresponding power of two.
That is, 1 = lowercase, 2 = uppercase, 4 = digit, 8 = special character, 16 = Unicode character.
So a value of 7 means "uppercase AND lowercase AND digit", and a value of 31 means "uppercase AND lowercase AND digit AND special character AND Unicode character".
- The bits can be combined: 19 = "uppercase AND lowercase AND Unicode character".
Some rules for composing the pattern file:
- Patterns are case-insensitive, so the file entries starwars and StarWarS are treated as the same value.
- The blacklist file is re-read every 60 seconds, so it can be edited freely; a minute later the filter is using the new data.
- There is currently no Unicode support for pattern matching. That is, Unicode characters can be used in passwords, but the filter will not work on them. This is not critical, because I have not seen users who use Unicode passwords.
- It is advisable not to leave empty lines in the pattern file. With debugging on, an error then shows up when data is loaded from the file. The filter still works, but why generate unnecessary exceptions?
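The rules above (case-insensitive patterns, the TokenPercentageOfPassword threshold, the RequireCharClasses bitmask, blank lines in the pattern file) can be tried offline before a pattern file is rolled out to domain controllers. The Python model below is an added example, not code from PassFiltEx or from the original article. It assumes substring matching, rejection when the pattern's share of the password is at or above the threshold, and "Unicode" meaning any non-ASCII character; all function names are hypothetical.

```python
# Added example: a simplified model of the checks described above,
# not the PassFiltEx implementation. Bit values are the ones listed in the text.
LOWER, UPPER, DIGIT, SPECIAL, UNICODE = 1, 2, 4, 8, 16

def load_patterns(text):
    """Parse pattern-file text: one pattern per line, lowercased, blank lines skipped."""
    return [ln.strip().lower() for ln in text.splitlines() if ln.strip()]

def char_classes(password):
    """Return the bitmask of character classes present in the password."""
    mask = 0
    for c in password:
        if not c.isascii():      # assumption: "Unicode" means non-ASCII
            mask |= UNICODE
        elif c.islower():
            mask |= LOWER
        elif c.isupper():
            mask |= UPPER
        elif c.isdigit():
            mask |= DIGIT
        else:                    # remaining ASCII: punctuation, space
            mask |= SPECIAL
    return mask

def check_password(password, patterns, token_pct=60, require_classes=0):
    """Return (accepted, reason) for a candidate password."""
    missing = require_classes & ~char_classes(password)
    if missing:
        return False, f"missing character classes (mask {missing})"
    lowered = password.lower()   # patterns are case-insensitive
    for token in patterns:
        # assumption: reject when the pattern is >= token_pct % of the password
        if token in lowered and len(token) * 100 >= token_pct * len(password):
            share = len(token) * 100 // len(password)
            return False, f"'{token}' is {share}% of the password"
    return True, "ok"

# Constructed sample pattern file, including a blank line.
SAMPLE_PATTERNS = load_patterns("starwars\n\nQwerty\n")
```

Lowering `token_pct` to 30 in this model rejects starwars1!DarthVader88 as well, which is why the threshold and the pattern list should be tuned together.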
For debugging, the archive includes batch files that can be used to create a log, which can then be analyzed, for example in Microsoft Message Analyzer.
This password filter uses Event Tracing for Windows.
The ETW provider for this password filter is 07d83223-7594-4852-babc-784803fdf6c5. So, for example, you can configure event tracing to begin after the next reboot:
logman create trace autosession\PassFiltEx -o %SystemRoot%\Debug\PassFiltEx.etl -p "{07d83223-7594-4852-babc-784803fdf6c5}" 0xFFFFFFFF -ets
Tracing will start after the next system reboot. To stop it:
logman stop PassFiltEx -ets && logman delete autosession\PassFiltEx -ets
All of these commands are provided in the scripts StartTracingAtBoot.cmd and StopTracingAtBoot.cmd.
To check the filter's operation XNUMX time, you can use StartTracing.cmd and StopTracing.cmd.
To read the filter's debug output conveniently, it is recommended to use Microsoft Message Analyzer with the following settings:
When logging is stopped and the log is parsed in Microsoft Message Analyzer, everything looks like this:
Here you can see that there was an attempt to set a user's password; the magic word SET in the debug output tells us so. The password was rejected because it is present in the pattern file and matches the entered text by 30% or more.
When the password change succeeds, it looks like this:
There is some inconvenience for the end user. When they try to change their password to one that is on the pattern file's list, the message shown on screen is no different from the standard message displayed when the password policy is not satisfied.
So be prepared for calls and cries of: "I entered the password correctly, but it doesn't work."
Summary
This library lets you prohibit the use of simple or standard passwords in an Active Directory domain. Let's say "No!" to passwords like "P@ssw0rd", "Qwerty123", "ADm1n098".
Yes, of course, users will love you even more for caring so much about their security and for making them come up with mind-bending passwords. And the number of calls and requests about passwords will probably increase. But security has a price.
Links to the resources used:
Microsoft article on custom password filter libraries:
PassFiltEx:
Release link:
Password lists:
Daniel Miessler's lists:
Wordlists from weakpass.com:
Wordlists from the berzerk0 repository:
Microsoft Message Analyzer:
Source: habr.com